0

How to prevent a program from closing Wireshark?

asked 2018-07-07 21:06:38 +0000

anonymous user

updated 2018-07-07 21:08:18 +0000

I am trying to capture packets from a specific program, but every time I try to open the program while Wireshark is running, it automatically closes Wireshark and the program I'm trying to capture packets from. I'm assuming it's searching for wireshark.exe in my task manager, but I don't know how to bypass this so it stops closing Wireshark.

  • I have tried renaming Wireshark, but it still shows up in my task manager (Windows 10) as Wireshark.
  • I have also tried to open the program first and then open Wireshark, but it still closes both as soon as I run Wireshark.

Anyone have any ideas?


Comments

This would be a question for a hacker or anti-malware forum, because it could relate to any program in a Windows system. It has nothing specifically to do with Wireshark. You even left out naming the specific program.

Jaap ( 2018-07-08 05:00:48 +0000 )

1 Answer

1

answered 2018-07-09 00:05:10 +0000

Jasper

Usually that kind of behavior is seen in malicious programs, or when computer games or other legit software tries to prevent reverse engineering of the game communication patterns.

The easiest way to still get the packets would be to capture not on the computer running the software itself, but on the network, e.g. via SPAN port or TAP. That way the program cannot notice that the communication is captured. See also https://wiki.wireshark.org/CaptureSet...
